Greetings everyone,
I know there has been plenty concern over using secure permissions with Sentora. Over the past few months I've been working hard on an UNOFFICIAL (not supported by the Sentora team) plugin that will allow secure permissions within the web hosting panel. I've named the project Sentora Secured.
This program basically does two things: (1) Create Linux users (named after the Sentora user) to use for SFTP and ownership over their own hostdata information and (2) fix most of the insecure permissions of Sentora.
With Apache, the default setup is to use a general user and group (usually "apache", "nobody", or "www-data") for every file in a persons hostdata directory. This actually makes it so that anyone can edit and modify another user's files since they're all owned and ran by the same user. With Sentora Secured, all of a persons data is owned to themselves and run through Apache using suEXEC (or RUID2 if suEXEC is not available). As a side note, it's actually preferable to use RUID2 with Apache over suEXEC so you can have the benefits of PHP OpCode caching software.
This software is very much in an alpha stage. I do NOT recommend using this in a production environment. However, I would appreciate any testers willing to help find bugs or other issues. I'm always open to new feature requests, too. You can view and download the entire project and its source code here: [ https://github.com/ekultails/sentorasecured ].
Ideally, this is something that would be implemented in the official Sentora. Since this fork of zPanel no longer relies on a Windows port there's no reason not to transition to using real Linux users (instead of pseudo Sentora and FTP users) and implementing suEXEC/RUID2 protocols for Apache users. I understand this is on the "to-do list" but hope it will be integrated one day soon.
Thank you guys for your time and I hope to see you all around the forums!
I know there has been plenty concern over using secure permissions with Sentora. Over the past few months I've been working hard on an UNOFFICIAL (not supported by the Sentora team) plugin that will allow secure permissions within the web hosting panel. I've named the project Sentora Secured.
This program basically does two things: (1) Create Linux users (named after the Sentora user) to use for SFTP and ownership over their own hostdata information and (2) fix most of the insecure permissions of Sentora.
With Apache, the default setup is to use a general user and group (usually "apache", "nobody", or "www-data") for every file in a persons hostdata directory. This actually makes it so that anyone can edit and modify another user's files since they're all owned and ran by the same user. With Sentora Secured, all of a persons data is owned to themselves and run through Apache using suEXEC (or RUID2 if suEXEC is not available). As a side note, it's actually preferable to use RUID2 with Apache over suEXEC so you can have the benefits of PHP OpCode caching software.
This software is very much in an alpha stage. I do NOT recommend using this in a production environment. However, I would appreciate any testers willing to help find bugs or other issues. I'm always open to new feature requests, too. You can view and download the entire project and its source code here: [ https://github.com/ekultails/sentorasecured ].
Ideally, this is something that would be implemented in the official Sentora. Since this fork of zPanel no longer relies on a Windows port there's no reason not to transition to using real Linux users (instead of pseudo Sentora and FTP users) and implementing suEXEC/RUID2 protocols for Apache users. I understand this is on the "to-do list" but hope it will be integrated one day soon.
Thank you guys for your time and I hope to see you all around the forums!
Welcome to a new age of hosting.
GalacticWebspace.com
GalacticWebspace.com